Re: New Proposal for Section 11.1.3 Replay

To: "Chris Lonvick" <clonvick%cisco.com@localhost>, <ietf-ssh%netbsd.org@localhost>
Subject: Re: New Proposal for Section 11.1.3 Replay
From: "Joseph Galbraith" <galb-list%vandyke.com@localhost>
Date: Wed, 14 May 2003 16:26:35 -0600

> Naturally, if an
>    attacker does attempt to replay a captured packed before the peers
>    have rekeyed, then the receiver of the duplicate packet will see that
>    it has the sequence number of a packet that has already been received
>    and will discard it.

The packet sequence number is not actually sent on
the wire, but is maintained independantly by each
side.

If an attacker replays a captured packet, it will
be input into the mac routines with the next valid
sequence number.  Since that is not the sequence
number that was used in the original computation of
the mac, it will show up as a MAC error.

Thanks, Chris, for compiling these.

- Joseph

Follow-Ups:
- 2nd version -Re: New Proposal for Section 11.1.3 Replay
  - From: Chris Lonvick

References:
- New Proposal for Section 11.1.3 Replay
  - From: Chris Lonvick

Prev by Date: New Proposal for Section 11.1.3 Replay
Next by Date: Re: New Proposal for Section 11.3.3 X11 Forwarding
Previous by Thread: New Proposal for Section 11.1.3 Replay
Next by Thread: 2nd version -Re: New Proposal for Section 11.1.3 Replay
Indexes:

Home | Main Index | Thread Index | Old Index